Antivirus 360, also known as A360, is rogue security software: a fake anti-spyware application that is generally installed on the user’s computer by dangerous trojans (such as Zlob and fake video codecs), but it can also be installed manually by the victim.
Once your computer is infected with this parasite, it immediately displays security warnings, alerts and system scans stating that your computer is heavily infected. These warnings are all false and are displayed only to make you think your computer is truly infected and that you need to buy the full version of the software to remove the so-called infections.

Do not fall for this scam. If your computer is infected with Antivirus 360, remove it immediately and scan your system with real security software.
Symptoms of infection
- The process av360.exe is running in your system
- The process a360.exe is running in your system
- Slow computer performance
- Repeated security warnings, alerts and system scans
- Web sites that are suddenly shown on your desktop
Malicious web sites and URLs:
- online-antivirusscanner.com/360/
When the program is executed, it creates the following files:
- %ProgramFiles%\A360
- %ProgramFiles%\A360\av360.exe
- %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 360.lnk
- %UserProfile%\Desktop\Antivirus 360.lnk
- %UserProfile%\Start Menu\Antivirus 360
- %UserProfile%\Start Menu\Antivirus 360\Antivirus 360.lnk
- %UserProfile%\Start Menu\Antivirus 360\Help.lnk
- %UserProfile%\Start Menu\Antivirus 360\Registration.lnk
How to remove Antivirus 360 (manual removal)?
- Kill the running process a360.exe
- Kill the running process av360.exe
- Unregister all the Antivirus 360 DLLs
- Delete all the Antivirus 360 files
- Delete all the Antivirus 360 registry entries
How to remove Antivirus 360 (automatic removal)?
- Download and Install NoVirusThanks Malware Remover
- Update the database
- Click the button Scan
- Delete infected files

I own a small ISP. A customer called and said that when he went to his homepage (GOOGLE.COM) it showed the normal Google page, but halfway down, a text block titled “Google Tips”, with the colorful Google logo and all, informed him that it was recommending Activation blah blah blah. My concern is the comp owner could be led to think GOOGLE is saying it. I would imagine Google attorneys could have a field day.
Comments by Richard - December 25th, 2008 at 5:30 pm
I was told on my computer that I had a virus and needed to download A360 to protect and remove my viruses.. now that I have done that my computer hasn’t worked right since… what do I need to do?? This is my company computer and I can’t have it not work.. I already have the AVG free 8.0
Can someone please help me. PLEASE,
Comments by catrina - March 7th, 2009 at 6:38 am
catrina, to remove Antivirus 360 simply follow these steps:
Download, Install and Update NVT Malware Remover Tool then scan your computer and remove infected files found.
Comments by Robert - March 7th, 2009 at 7:17 pm
I have the same problem with the Antivirus 360. I did scan my computer with malware remover tool V2 but with no success (no malicious files were found); same thing with the Rogue Software Remover.
And the popup of the Antivirus 360 keeps on coming.
Help will be deeply appreciated.
Comments by Nicolas - March 10th, 2009 at 1:56 pm
Nicolas, post your HiJackThis log here so we can help you : )
Comments by Robert - March 10th, 2009 at 2:29 pm
Dear Robert,
I am trying to download the HiJackThis through hijackthis.eu or through trendsecure.com, using Mozilla or IE, and getting my NAV out of the way, but it keeps on saying: “this download has been blocked by your Security Zone Policy”.
I feel really stupid, but any suggestion??? ;(
Comments by Nicolas - March 10th, 2009 at 5:21 pm
Nicolas, it is possible that a trojan is blocking you from accessing some security websites; try to download HiJackThis from this link:
http://download.hijackthis.eu/HJTInstall.exe
Let me know if it works for you
Comments by Robert - March 11th, 2009 at 1:37 am
I tried the above link but with no success. Still the same blocking:
“this download has been blocked by your Security Zone Policy”.
After a full scan with NAV, nothing was found.
Anything else that I should try?
Thank you already for the support and the help.
Comments by Nicolas - March 11th, 2009 at 10:47 am
Try to boot Windows in safe mode (press F8 when the PC starts) and enable safe mode with network support, then try to download HiJackThis from the link I posted in my last comment, it should work : )
Comments by Robert - March 11th, 2009 at 1:21 pm
I finally managed to do it.
Here is the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:14:53, on 11/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\windows\pp2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\program files\voipbuster.com\voipbuster\voipbuster.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Megatec\UPSilon 2000\RupsMon.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\program files\voipdiscount.com\voipdiscount\voipdiscount.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Megatec\UPSilon 2000\USBMate.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\Program Files\Megatec\UPSilon 2000\Monw32.exe
c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CapMan.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\ElogErr.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\BROADC~1.EXE
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\SCRFS.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\SONYER~1\Mobile\AUFILE~1.EXE
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\Ecfmserv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.in.gr/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;
O3 – Toolbar: Norton AntiVirus – {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} – C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: &Google Toolbar – {2318C2B1-4965-11d4-9B18-009027A5CD4F} – C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 – HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 – HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 – HKLM\..\Run: [RoxioDragToDisc] “C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe”
O4 – HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 – HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 – HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 – HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 – HKLM\..\Run: [Google Desktop Search] “C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup
O4 – HKLM\..\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”
O4 – HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 – HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 – HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 – HKLM\..\Run: [Acronis Scheduler2 Service] “C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe”
O4 – HKLM\..\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [sysldtray] C:\windows\ld02.exe
O4 – HKLM\..\Run: [pp] C:\windows\pp2.exe
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 – HKCU\..\Run: [VoipBuster] “C:\program files\voipbuster.com\voipbuster\voipbuster.exe” -nosplash -minimized
O4 – HKCU\..\Run: [Skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 – HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 – HKCU\..\Run: [VoipDiscount] “C:\program files\voipdiscount.com\voipdiscount\voipdiscount.exe” -nosplash -minimized
O4 – HKCU\..\Run: [Norton SystemWorks] “C:\Program Files\Norton SystemWorks\cfgwiz.exe” /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 – HKCU\..\Run: [MsnMsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background
O4 – HKCU\..\Run: [EA Core] “C:\Program Files\Electronic Arts\EADM\Core.exe” -silent
O4 – HKCU\..\Run: [dll] rundll32 dll32,sm
O4 – HKCU\..\Run: [BitTorrent DNA] “C:\Program Files\DNA\btdna.exe”
O4 – HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 – HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 – HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)
O4 – Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 – Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 – Global Startup: Phone Connection Monitor.lnk = ?
O4 – Global Startup: Rupsmon Daemon.lnk = ?
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: Skype – {77BF5300-1474-4EC7-9980-D32B190E9B07} – C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O17 – HKLM\System\CCS\Services\Tcpip\..\{023939C5-3560-4EF3-A170-826DAC820BE3}: NameServer = 194.219.227.2,193.92.150.3
O17 – HKLM\System\CCS\Services\Tcpip\..\{5051BE61-DD15-4721-BA2B-EF0A7864E17B}: NameServer = 194.219.227.2,193.92.150.3
O17 – HKLM\System\CS1\Services\Tcpip\..\{023939C5-3560-4EF3-A170-826DAC820BE3}: NameServer = 194.219.227.2,193.92.150.3
O18 – Protocol: skype4com – {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} – C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 – AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 – Service: Acronis Scheduler2 Service (AcrSch2Svc) – Acronis – C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 – Service: Automatic LiveUpdate Scheduler – Symantec Corporation – C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Password Validation (ccPwdSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 – Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) – Google – C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 – Service: Google Updater Service (gusvc) – Google – C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 – Service: HP Port Resolver – Hewlett-Packard Company – C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 – Service: HP Status Server – Hewlett-Packard Company – C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: Java Quick Starter (JavaQuickStarterService) – Sun Microsystems, Inc. – C:\Program Files\Java\jre6\bin\jqs.exe
O23 – Service: LiveUpdate – Symantec Corporation – C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 – Service: Norton AntiVirus Auto-Protect Service (navapsvc) – Symantec Corporation – C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 – Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) – Symantec Corporation – C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 – Service: Norton Unerase Protection (NProtectService) – Symantec Corporation – C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\system32\nvsvc32.exe
O23 – Service: Pml Driver HPZ12 – HP – C:\WINDOWS\system32\HPZipm12.exe
O23 – Service: Rupsmon – Mega System Technologies, Inc. – C:\Program Files\Megatec\UPSilon 2000\RupsMon.exe
O23 – Service: SAVScan – Symantec Corporation – C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: Symantec SPBBCSvc (SPBBCSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 – Service: Speed Disk service – Symantec Corporation – C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 – Service: Symantec Core LC – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 – Service: Acronis Try And Decide Service (TryAndDecideService) – Unknown owner – C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 – Service: USBMate – Mega Corp. – C:\Program Files\Megatec\UPSilon 2000\USBMate.exe
O23 – Service: WD Drive Manager Service (WDBtnMgrSvc.exe) – WDC – C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
–
End of file – 13071 bytes
Comments by Nicolas - March 11th, 2009 at 2:17 pm
Nicolas, you are infected by other trojans, these files are very suspicious:
C:\windows\pp2.exe
C:\windows\ld02.exe
C:\WINDOWS\system32\dll32.dll
And these other files are a little suspicious:
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\system32\nvsvc32.exe
Can you scan all of them here:
http://scanner.novirusthanks.org/
And paste here only the files that are detected ?
If you cannot find the files, boot Windows in safe mode with network support : )
Comments by Robert - March 11th, 2009 at 7:02 pm
I have on my computer an alert that tells me I have a blocked program and it is the av360 virus. I did not run it but I see the file in my C:/Program files/a360. It is also listed on the start up menu. I checked my registry and did not find the files it is supposed to create if it is installed and it is not listed in the add/remove programs list. What do I do?
Comments by Felicia - March 12th, 2009 at 4:45 am
For C:\windows\pp2.exe :
File of 0 bytes … Please upload a file more than 0 bytes size
For C:\windows\ld02.exe :
File not found
For C:\WINDOWS\system32\dll32.dll :
File Information
Report Generated: 12.3.2009 at 8.28.17 (GMT 1)
Time for scan: 42 seconds
File Name: dll32.dll
File Size: 12 KB
MD5 Hash: 56D9E8CB68C4C09D7467F47F909B075F
SHA1 Hash: A91814B1A6BD6FDDBD66AFD5B950422531AA3571
Detection Rate: 2 on 24 (8,33 %)
Status: INFECTED
Antivirus Sig version Engine Version Result
a-squared 11/03/2009 4.0.0.32 Trojan-Proxy.Win32.Small!IK
Avira AntiVir 7.1.2.158 8.1.2.12 -
Avast 090310-0 4.8.1229 -
AVG 270.11.10/1996 8.0.0.0 -
BitDefender 12/03/2009 7.0.0.2555 -
ClamAV 11/03/2009 0.93.1.0 -
Comodo 1049 3.8 -
Dr.Web 12/03/2009 5.0 -
Ewido 12/03/2009 4.0.0.2 -
F-PROT 6 20090311 4.4.4.56 -
G DATA 19.3655 2.0.7309.847 -
IkarusT3 11/03/2009 1001044 Trojan-Proxy.Win32.Small
Kaspersky 12/03/2009 8.0.0.357 -
McAfee 11/03/2009 5.1.0.0 -
Malware Hash Registry 12/03/2009 N/A -
NOD32 v3 3929 3.0.677 -
Norman 2009/03/11 5.92.08 -
Panda 07/02/2009 9.5.1.00 -
QuickHeal 11 March, 2009 10.0 -
Solo Antivirus 12/03/2009 8.0 -
Sophos 12/03/2009 4.32.0 -
TrendMicro 889(588900) 1.1-1001 -
VBA32 12/03/2009 3.12.0.300 -
VirusBuster 10.102.6 1.4.3 -
Extra Information
CRC32: 1553040197
Packer detected: Nothing found *
Application Type: Dinamyc Link Library (DLL) 32bit
Self-Extract Archive: Nothing found
Binder Detector: Nothing found
ASCII Strings: View
For C:\WINDOWS\SM1BG.EXE :
STATUS: Finished
File Information
Report Generated: 12.3.2009 at 8.32.04 (GMT 1)
Time for scan: 45 seconds
File Name: SM1BG.EXE
File Size: 92 KB
MD5 Hash: B0840AE66BD22183C6748F4E8F6B3319
SHA1 Hash: 46937109BA35982F7EF10025AE99784B5F104962
Detection Rate: 0 on 24 (0 %)
Status: CLEAN
Antivirus Sig version Engine Version Result
a-squared 11/03/2009 4.0.0.32 -
Avira AntiVir 7.1.2.158 8.1.2.12 -
Avast 090310-0 4.8.1229 -
AVG 270.11.10/1996 8.0.0.0 -
BitDefender 12/03/2009 7.0.0.2555 -
ClamAV 11/03/2009 0.93.1.0 -
Comodo 1049 3.8 -
Dr.Web 12/03/2009 5.0 -
Ewido 12/03/2009 4.0.0.2 -
F-PROT 6 20090311 4.4.4.56 -
G DATA 19.3655 2.0.7309.847 -
IkarusT3 11/03/2009 1001044 -
Kaspersky 12/03/2009 8.0.0.357 -
McAfee 11/03/2009 5.1.0.0 -
Malware Hash Registry 12/03/2009 N/A -
NOD32 v3 3929 3.0.677 -
Norman 2009/03/11 5.92.08 -
Panda 07/02/2009 9.5.1.00 -
QuickHeal 11 March, 2009 10.0 -
Solo Antivirus 12/03/2009 8.0 -
Sophos 12/03/2009 4.32.0 -
TrendMicro 889(588900) 1.1-1001 -
VBA32 12/03/2009 3.12.0.300 -
VirusBuster 10.102.6 1.4.3 -
Extra Information
CRC32: 1867864161
Packer detected: Microsoft Visual C++ 6.0
Application Type: Executable (EXE) 32bit
Self-Extract Archive: Nothing found
Binder Detector: Nothing found
ASCII Strings: View
For C:\WINDOWS\system32\nvsvc32.exe :
STATUS: Finished
File Information
Report Generated: 12.3.2009 at 8.34.44 (GMT 1)
Time for scan: 45 seconds
File Name: nvsvc32.exe
File Size: 156 KB
MD5 Hash: 0C41C4ACFE00D826DB479C40C1D9EDC8
SHA1 Hash: 0D5EF68F906D70CCFB5C75B7698D8E3544F7A0F4
Detection Rate: 0 on 24 (0 %)
Status: CLEAN
Antivirus Sig version Engine Version Result
a-squared 11/03/2009 4.0.0.32 -
Avira AntiVir 7.1.2.158 8.1.2.12 -
Avast 090310-0 4.8.1229 -
AVG 270.11.10/1996 8.0.0.0 -
BitDefender 12/03/2009 7.0.0.2555 -
ClamAV 11/03/2009 0.93.1.0 -
Comodo 1049 3.8 -
Dr.Web 12/03/2009 5.0 -
Ewido 12/03/2009 4.0.0.2 -
F-PROT 6 20090311 4.4.4.56 -
G DATA 19.3655 2.0.7309.847 -
IkarusT3 11/03/2009 1001044 -
Kaspersky 12/03/2009 8.0.0.357 -
McAfee 11/03/2009 5.1.0.0 -
Malware Hash Registry 12/03/2009 N/A -
NOD32 v3 3929 3.0.677 -
Norman 2009/03/11 5.92.08 -
Panda 07/02/2009 9.5.1.00 -
QuickHeal 11 March, 2009 10.0 -
Solo Antivirus 12/03/2009 8.0 -
Sophos 12/03/2009 4.32.0 -
TrendMicro 889(588900) 1.1-1001 -
VBA32 12/03/2009 3.12.0.300 -
VirusBuster 10.102.6 1.4.3 -
Extra Information
CRC32: 876465743
Packer detected: Microsoft Visual C++ 6.0 [Debug]
Application Type: Executable (EXE) 32bit
Self-Extract Archive: Nothing found
Binder Detector: Nothing found
ASCII Strings: View
Comments by Nicolas - March 12th, 2009 at 7:37 am
@Nicolas, perfect, delete these files manually (be sure to boot Windows in safe mode before deleting them):
C:\windows\pp2.exe
C:\windows\ld02.exe
C:\WINDOWS\system32\dll32.dll
Then delete these registry keys (open regedit.exe and search for the keys below):
O4 – HKLM\..\Run: [sysldtray] C:\windows\ld02.exe
O4 – HKLM\..\Run: [pp] C:\windows\pp2.exe
O4 – HKCU\..\Run: [dll] rundll32 dll32,sm
After that, open and update NVT Malware Remover and run a full system scan (if it detects viruses, paste the logs here). After that, restart your computer, do a new HiJackThis scan and paste the logs here.
@Felicia, download this program: http://download.hijackthis.eu/HJTInstall.exe and do a system scan, then paste the logs here : )
Comments by Robert - March 12th, 2009 at 11:10 am
Robert,
My daughter’s computer is infected by the A360 virus. I downloaded the NVT Rogue Software Remover and scanned the computer, and I received the “Error on Remove” note. What should I do next?
Comments by Rich - March 13th, 2009 at 1:55 am
Hi Rich,
to remove Antivirus 360 follow these steps:
Download, Install and Update NVT Malware Remover Tool then scan your computer and remove infected files found.
Let me know if it worked fine for you.
Comments by Robert - March 13th, 2009 at 11:41 am
Robert, I downloaded the program from your link in #14 and this is what came up after the scan
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:23 PM, on 3/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 – HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 – URLSearchHook: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 – BHO: AcroIEHelperStub – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 – BHO: Yahoo! IE Services Button – {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} – C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 – BHO: Groove GFS Browser Helper – {72853161-30C5-4D22-B7F9-0BBC1D38A37E} – C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 – BHO: SSVHelper Class – {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} – C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 – BHO: (no name) – {7E853D72-626A-48EC-A868-BA8D5E23E045} – (no file)
O2 – BHO: Windows Live Sign-in Helper – {9030D464-4C02-4ABF-8ECC-5164760863C6} – C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 – BHO: Google Toolbar Helper – {AA58ED58-01DD-4d91-8333-CF10577473F7} – c:\program files\google\googletoolbar2.dll
O2 – BHO: ZoneAlarm Spy Blocker BHO – {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} – C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 – Toolbar: &Google – {2318C2B1-4965-11d4-9B18-009027A5CD4F} – c:\program files\google\googletoolbar2.dll
O3 – Toolbar: ZoneAlarm Spy Blocker – {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} – C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 – HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 – HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 – HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 – HKLM\..\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”
O4 – HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 – HKLM\..\Run: [ZoneAlarm Client] “C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe”
O4 – HKLM\..\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”
O4 – HKLM\..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 – HKCU\..\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe” /background
O4 – HKCU\..\Run: [Yahoo! Pager] “C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE” -quiet
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [AE7A2824BE1EB98FBAAFB44EBD5702DB] C:\Program Files\A360\av360.exe
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 – Extra button: (no name) – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 – Extra ‘Tools’ menuitem: Sun Java Console – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 – Extra button: Send to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 – Extra ‘Tools’ menuitem: S&end to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 – Extra button: Yahoo! Services – {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} – C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O16 – DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) – C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 – DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) – http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 – DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) – https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 – DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) – http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O16 – DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) – http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O16 – DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) – http://l.yimg.com/jh/games/web_games/playtime/mahjongescape/PTGameLauncher.cab
O18 – Protocol: grooveLocalGWS – {88FED34C-F0CA-4636-A375-3CB6248B04CD} – C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 – Service: Apple Mobile Device – Apple Inc. – C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: Bonjour Service – Apple Inc. – C:\Program Files\Bonjour\mDNSResponder.exe
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Password Validation (ccPwdSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 – Service: Symantec AntiVirus Definition Watcher (DefWatch) – Symantec Corporation – C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 – Service: Google Updater Service (gusvc) – Google – C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 – Service: iPod Service – Apple Inc. – C:\Program Files\iPod\bin\iPodService.exe
O23 – Service: NICCONFIGSVC – Dell Inc. – C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 – Service: Pml Driver HPZ12 – HP – C:\WINDOWS\system32\HPZipm12.exe
O23 – Service: SAVRoam (SavRoam) – symantec – C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: Symantec AntiVirus – Symantec Corporation – C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 – Service: TrueVector Internet Monitor (vsmon) – Check Point Software Technologies LTD – C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 – Service: Dell Wireless WLAN Tray Service (wltrysvc) – Unknown owner – C:\WINDOWS\System32\WLTRYSVC.EXE
–
End of file – 9125 bytes
Comments by Darren - March 14th, 2009 at 5:59 am
Hi Darren,
delete this file:
C:\Program Files\A360\av360.exe
and delete this registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
“AE7A2824BE1EB98FBAAFB44EBD5702DB”
After that, restart your PC and check if Antivirus 360 is still running in your system. If you notice other problems with the PC, just post here.
Comments by Robert - March 15th, 2009 at 12:20 am
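The autostart triage done by hand in the replies above can also be written as code. This is an added example, not part of the original post or its comments: the indicators come from the article, while the four heuristics and all function names are assumptions chosen to reproduce the entries flagged in the thread.

```python
import re
from typing import NamedTuple

# Indicators listed in the article: process names and the install directory.
A360_IMAGES = {"av360.exe", "a360.exe"}
A360_DIR = "\\a360\\"

# O4/O23 lines copied from the two HijackThis logs posted in the comments.
SAMPLE_LOG = r"""
O4 – HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 – HKLM\..\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [sysldtray] C:\windows\ld02.exe
O4 – HKLM\..\Run: [pp] C:\windows\pp2.exe
O4 – HKCU\..\Run: [VoipBuster] “C:\program files\voipbuster.com\voipbuster\voipbuster.exe” -nosplash -minimized
O4 – HKCU\..\Run: [dll] rundll32 dll32,sm
O4 – HKCU\..\Run: [AE7A2824BE1EB98FBAAFB44EBD5702DB] C:\Program Files\A360\av360.exe
O23 – Service: Pml Driver HPZ12 – HP – C:\WINDOWS\system32\HPZipm12.exe
"""

# The page shows en dashes and curly quotes where HijackThis writes plain ASCII.
TYPOGRAPHY = str.maketrans({"–": "-", "“": '"', "”": '"'})
O4_RUN = re.compile(
    r"^O4\s*-\s*(?P<key>HK[^:]*\\Run\w*):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$", re.I)
UNQUOTED_PATH = re.compile(r".+?\.(?:exe|dll|cpl|scr|bat|com)(?=$|[\s,])", re.I)
WINDOWS_ROOT_EXE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.exe$", re.I)
HEX_NAME = re.compile(r"^[0-9a-f]{32}$", re.I)


class Finding(NamedTuple):
    key: str
    name: str
    command: str
    reasons: tuple


def split_command(cmd: str):
    """Return (image, arguments) for an autostart command line."""
    if cmd.startswith('"'):
        image, _, rest = cmd[1:].partition('"')
        return image, rest.strip()
    first, _, rest = cmd.partition(" ")
    if "\\" not in first:            # bare command name such as "rundll32"
        return first, rest.strip()
    m = UNQUOTED_PATH.match(cmd)     # unquoted path that may contain spaces
    if m:
        return m.group(0), cmd[m.end():].strip()
    return first, rest.strip()


def assess(name: str, cmd: str) -> tuple:
    """Apply the (assumed) heuristics to one Run value and return the reasons."""
    image, args = split_command(cmd)
    base = image.rsplit("\\", 1)[-1].lower()
    reasons = []
    if base in A360_IMAGES or A360_DIR in image.lower():
        reasons.append("matches an Antivirus 360 indicator from the article")
    if HEX_NAME.match(name):
        reasons.append("value name is a random-looking 32-digit hex string")
    if WINDOWS_ROOT_EXE.match(image):
        reasons.append("executable sits directly in the Windows directory")
    if base in ("rundll32", "rundll32.exe"):
        dll = args.split(",", 1)[0].strip('" ')
        if dll and "\\" not in dll and "." not in dll:
            reasons.append("rundll32 loads a DLL given by bare name only")
    return tuple(reasons)


def triage(log_text: str) -> list:
    """Return a Finding for every O4 Run entry that trips at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        m = O4_RUN.match(raw.translate(TYPOGRAPHY).strip())
        if not m:
            continue  # not a registry autostart line (O23, Global Startup, ...)
        reasons = assess(m.group("name"), m.group("cmd"))
        if reasons:
            findings.append(Finding(m.group("key"), m.group("name"), m.group("cmd"), reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.key} [{f.name}] {f.command}")
        for reason in f.reasons:
            print(f"    - {reason}")
```

SM1BG.EXE is flagged by location alone and came back clean from the scanner in the thread, so each finding is a lead to verify, not a verdict.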
I had the A360 program begin its “work” on my PC today. I did all I could to stop it from doing what it wanted to do. SpySweeper would open automatically and tell me all was OK. When I did a full scan Spy Sweeper found the A360 program as adware and removed it. A360 was removed except for the desktop icon which was unusable so I deleted it.
Comments by Steve - March 15th, 2009 at 3:18 am
Okay, I installed that program and in under 5 minutes it found Antivirus 360, how do I remove it though???
Comments by mandy - March 16th, 2009 at 12:55 am
Download and use this:
http://www.lavasoft.com/single/trialpay.php
‘Nuff said!
Comments by Stanley Levin - March 16th, 2009 at 1:58 am
mandy, right click of the mouse over the detected file and select “Delete selected file”
Comments by Robert - March 16th, 2009 at 12:58 pm
I used your program to rid my system of the A360 virus and all seems well; I do not get the pop-ups or the subscription info. But now when I am on the internet and type in a search for a specific site and then select the site from the search listing, my computer automatically redirects itself to some other site. For example, I type in a search for plumbing hardware, select one of the listed sites and my computer gives me a Swiffer mop page. ????? What do you think is the problem?
Comments by Paul - March 19th, 2009 at 12:36 pm
Hi Paul,
it is possible that you are infected by a BHO (Browser Helper Object), try to do this:
with NVT Malware Remover Tool click on “Settings”, then enable the option “Clear BHOs (Browser Helper Objects)” and then click on “Scan Button” again to re-scan your PC.
After that, restart your PC, try to do a search again and let me know if all is fine now.
Anyway, you can also post a HiJackThis log so we can analyze it and let you know if you need to remove other possible malicious files.
Comments by Robert - March 19th, 2009 at 5:31 pm